WordPress All In One SEO Pack plugin zero-day vulnerability

We have been notified that a vulnerability within the All In One SEO Pack WordPress plugin that allows non-privileged users to modify the SEO data as well as inject arbitrary code within the site. The developer has released a patch for this vulnerability which resolves the issue with a simple update of the plugin to version 2.1.6.

What if I am affected?

If you are currently running the All In One SEO Pack plugin on your WordPress site, update it to version 2.1.6 immediately. After doing so, we recommend that you run Sucuri SiteCheck as well to ensure that there is not any compromised code running within your WordPress site.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)

The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.

How did you find this article?

Please tell us how we can improve this article:

Email Address

Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!